If you speak English, you probably are familiar with the word compromise in normal use.
Specifically, it means accepting something that isn't quite what you initially wanted because of some competing factor.
There's no real limit on what the competing factor can be.
Cost is a classic example, as are time, effort, material limitations, and other people's requirements.
In the world of cyber security, the word compromise is also used.
The exact meaning, though, isn't really the same.
A security compromise is the result of unauthorised access to data or a system.
The exact details of the compromise and how severe it is can vary significantly.
This is less a deliberate compromise and more a forced reality-driven re-evaluation.
It is also typically not just accepted; efforts are made to handle the issue.
In the vast majority of cases, this will involve the unauthorised party being able to see the data.
The compromise can affect the confidentiality or the integrity of the data, or potentially both.
If the data is not particularly sensitive, this may not be a massive issue.
Typically, however, access-restricted data is restricted for some reason.
Payment details are a classic data point.
Classified data, for example, may have national security ramifications if disclosed to unauthorised parties.
Similarly, if that data was modified, there could be further issues, especially if that modification was not noticed for some time.
Once data has been compromised, the cat is out of the bag.
The method of access can be resolved, but the data is out there.
Knowing what data was accessed can allow further damage limitation proceedings to occur.
This may be especially important if the data was modified.
Depending on the malware, a compromised computer can mean different things.
Ransomware might delete your data but typically doesn't actually disclose it to anyone.
Most other forms of modern malware do attempt to steal sensitive data such as passwords.
Some types of malware can be particularly difficult to remove.
In some rare cases, even this might not be enough.
Malware of this caliber, however, is typically only developed by nation-state-level threat actors.
If the software is compromised, it should be treated as if it were purely malware.
Unfortunately, there are worse scenarios.
This is known as a supply chain attack.
This sort of compromise involves the developer being hacked in some way.
It is, however, possible for the developer to have an insider threat.
Note: Hardware can also be compromised through supply chain attacks.
The original compromise may enable further security incidents.
Each of the examples given above has shown this in some form.
Compromised classified data could put the lives of field agents and the assets they manage at risk.
If carefully manipulated, it could even lead to the acceptance of false intelligence and could compromise other operations.
Your compromised computer could be used to proliferate the malware it's infected with.
The data on it could also be used to access your online accounts etc.
A compromise doesn't necessarily result in a data breach where the data is sold/released on the black market.
It can just be an accidental disclosure to a responsible but unauthorised person.